CVE-2023-30508

Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying operating system, including sensitive system files.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:arubanetworks:edgeconnect_enterprise::::::::
	cpe:2.3:a:arubanetworks:edgeconnect_enterprise::::::::
	cpe:2.3:a:arubanetworks:edgeconnect_enterprise::::::::

History

07 Jul 2023, 15:15

Type	Values Removed	Values Added
References	{'url': 'https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-0007.txt', 'name': 'https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-0007.txt', 'tags': ['Broken Link', 'Vendor Advisory'], 'refsource': 'MISC'}	(MISC) https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt -

Information

Published : 2023-05-16 19:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-30508

Mitre link : CVE-2023-30508

CVE.ORG link : CVE-2023-30508

JSON object : View

Products Affected

arubanetworks

edgeconnect_enterprise

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2023-30508", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2023-05-16T19:15:09.980", "references": [{"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-007.txt", "source": "security-alert@hpe.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface.\u00a0Successful exploitation of these vulnerabilities result in the ability to read arbitrary files on the underlying\u00a0operating system, including sensitive system files."}], "lastModified": "2023-07-07T15:15:09.943", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D75E6912-3DB4-47C9-87BF-A5D0BFA71743", "versionEndIncluding": "9.0.8.0"}, {"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40ABD090-E99C-4A19-9540-3A1123FF886B", "versionEndIncluding": "9.1.5.0", "versionStartIncluding": "9.1.0.0"}, {"criteria": "cpe:2.3:a:arubanetworks:edgeconnect_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73218F9F-C3F8-4AD2-8116-9CA428995154", "versionEndIncluding": "9.2.3.0", "versionStartIncluding": "9.2.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}